1. You want syslog events 430001 (Snort IPS alerts)? My scenario was FirePower services for ASA, not FTD.
Answer: Add a logging host to your intrusion policy pointing to your CSSP appliance.
2. You want syslog events sent for file and malware?
Answer: Add another line in the rsyslog.d/1-ips file on your CSSP specifying 430005. You can copy the line with 430001 and change the second line from 430001 to 430005. Adjust your FMC access control policy in the logging tab, adding the checkbox for file and malware. Add your CSSP server as the receiver.
3. You want Security Intelligence events sent to CSSP?
Answer: Change your current syslog entry in DNS, URL, and IP security intelligence section of your access control policy pointing the logging to your CSSP server. You will need to add another entry into your CSSP server rsyslog.d/1-ips file to include these messages. Create an additional line copying the line with 430001 but changing the number to 430002.
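
The line-copying step from answers 2 and 3, as an added shell example that is not part of the original post: it appends a copy of the 430001 line for a new message ID and does nothing if that ID is already present. The sample filter line and the receiver address are constructed; the real line in your rsyslog.d/1-ips may look different.

```shell
#!/bin/sh
# Added example. clone_msgid_rule FILE SRC_ID NEW_ID
# Appends a copy of each line in FILE that mentions SRC_ID, with SRC_ID
# replaced by NEW_ID. Returns 0 on success or if NEW_ID is already present,
# 1 if no line mentions SRC_ID, 2 on bad arguments.
clone_msgid_rule() {
    file=$1; src=$2; new=$3
    # Accept digits only so the IDs are safe to use as grep/sed patterns.
    case "$src" in ''|*[!0-9]*) echo "bad source ID" >&2; return 2 ;; esac
    case "$new" in ''|*[!0-9]*) echo "bad new ID" >&2; return 2 ;; esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    if ! grep -q "$src" "$file"; then
        echo "no line mentions $src in $file" >&2
        return 1
    fi
    # Idempotent: a second run must not add a duplicate rule.
    if grep -q "$new" "$file"; then
        return 0
    fi

    cp -p "$file" "$file.bak"   # keep the previous version
    # Build the new lines first so the file is not read and appended to at once.
    new_lines=$(grep "$src" "$file" | sed "s/$src/$new/g")
    printf '%s\n' "$new_lines" >> "$file"
}

# Demo on a constructed file (192.0.2.10 is a documentation address).
demo_dir=$(mktemp -d)
printf '%s\n' ':msg, contains, "430001" @@192.0.2.10:514' > "$demo_dir/1-ips"
clone_msgid_rule "$demo_dir/1-ips" 430001 430005   # file and malware events
clone_msgid_rule "$demo_dir/1-ips" 430001 430002   # Security Intelligence events
cat "$demo_dir/1-ips"
rm -rf "$demo_dir"
```

Restart rsyslog after editing the file so the new lines are loaded.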